CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0CVE-2017-3253 – OpenJDK: imageio PNGImageReader failed to honor ignoreMetadata for iTXt and zTXt chunks (2D, 8166988)
https://notcve.org/view.php?id=CVE-2017-3253
20 Jan 2017 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete... • http://rhn.redhat.com/errata/RHSA-2017-0175.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2017-3259 – JDK: unspecified vulnerability fixed in 6u141, 7u131, and 8u121 (Deployment)
https://notcve.org/view.php?id=CVE-2017-3259
20 Jan 2017 — Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java We... • http://rhn.redhat.com/errata/RHSA-2017-0175.html •
CVSS: 4.3EPSS: 1%CPEs: 8EXPL: 0CVE-2017-3261 – OpenJDK: integer overflow in SocketOutputStream boundary check (Networking, 8164147)
https://notcve.org/view.php?id=CVE-2017-3261
20 Jan 2017 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read acce... • http://rhn.redhat.com/errata/RHSA-2017-0175.html • CWE-125: Out-of-bounds Read •
CVSS: 9.6EPSS: 1%CPEs: 8EXPL: 0CVE-2017-3272 – Oracle Java AtomicReferenceFieldUpdater Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-3272
20 Jan 2017 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may signif... • http://rhn.redhat.com/errata/RHSA-2017-0175.html •
CVSS: 9.0EPSS: 71%CPEs: 9EXPL: 5CVE-2017-3241 – Oracle OpenJDK Runtime Environment 1.8.0_112-b15 - Java Serialization Denial Of Service
https://notcve.org/view.php?id=CVE-2017-3241
20 Jan 2017 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successfu... • https://packetstorm.news/files/id/141104 • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 10%CPEs: 11EXPL: 0CVE-2015-0459 – JDK: unspecified vulnerability fixed in 5.0u85, 6u95, 7u79 and 8u45 (2D)
https://notcve.org/view.php?id=CVE-2015-0459
16 Apr 2015 — Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0491. Vulnerabilidad no especificada en Oracle Java SE 5.0u81, 6u91, 7u76, y 8u40, y JavaFX 2.2.76, permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos relacionados con 2D, una vulnerabilidad ... • http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html •
CVSS: 10.0EPSS: 8%CPEs: 11EXPL: 0CVE-2015-0491 – JDK: unspecified vulnerability fixed in 5.0u85, 6u95, 7u79 and 8u45 (2D)
https://notcve.org/view.php?id=CVE-2015-0491
16 Apr 2015 — Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0459. Vulnerabilidad no especificada en Oracle Java SE 5.0u81, 6u91, 7u76, y 8u40, y Java FX 2.2.76, permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos relacionados con 2D, una vulnerabilida... • http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html •
CVSS: 9.8EPSS: 5%CPEs: 11EXPL: 0CVE-2015-0492 – JDK: unspecified vulnerability fixed in 7u79 and 8u45 (JavaFX)
https://notcve.org/view.php?id=CVE-2015-0492
16 Apr 2015 — Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0484. Vulnerabilidad no especificada en Oracle Java SE 7u76 y 8u40, y JavaFX 2.2.76, permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos, una vulnerabilidad diferente a CVE-2015-0484. Oracle Java SE version 7 includes the... • http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html •
CVSS: 9.8EPSS: 7%CPEs: 8EXPL: 0CVE-2015-0460 – OpenJDK: incorrect handling of phantom references (Hotspot, 8071931)
https://notcve.org/view.php?id=CVE-2015-0460
16 Apr 2015 — Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Vulnerabilidad no especificada en Oracle Java SE 5.0u81, 6u91, 7u76, y 8u40 permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos relacionados con Hotspot. A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An u... • http://advisories.mageia.org/MGASA-2015-0158.html •
CVSS: 10.0EPSS: 9%CPEs: 8EXPL: 0CVE-2015-0469 – ICU: layout engine glyphStorage off-by-one (OpenJDK 2D, 8067699)
https://notcve.org/view.php?id=CVE-2015-0469
16 Apr 2015 — Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Vulnerabilidad no especificada en Oracle Java SE 5.0u81, 6u91, 7u76, y 8u40 permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos relacionados con 2D. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D componen... • http://advisories.mageia.org/MGASA-2015-0158.html • CWE-122: Heap-based Buffer Overflow •