CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2016-5548 – OpenJDK: DSA implementation timing attack (Libraries, 8168728)
https://notcve.org/view.php?id=CVE-2016-5548
20 Jan 2017 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to ... • http://rhn.redhat.com/errata/RHSA-2017-0175.html • CWE-385: Covert Timing Channel •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2016-5549 – OpenJDK: ECDSA implementation timing attack (Libraries, 8168724)
https://notcve.org/view.php?id=CVE-2016-5549
20 Jan 2017 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critica... • http://rhn.redhat.com/errata/RHSA-2017-0175.html • CWE-385: Covert Timing Channel •
CVSS: 5.3EPSS: 0%CPEs: 9EXPL: 0CVE-2016-5552 – OpenJDK: incorrect URL parsing in URLStreamHandler (Networking, 8167223)
https://notcve.org/view.php?id=CVE-2016-5552
20 Jan 2017 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java... • http://rhn.redhat.com/errata/RHSA-2017-0175.html • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2017-3231 – OpenJDK: URLClassLoader insufficient access control checks (Networking, 8151934)
https://notcve.org/view.php?id=CVE-2017-3231
20 Jan 2017 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read acce... • http://rhn.redhat.com/errata/RHSA-2017-0175.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.8EPSS: 0%CPEs: 9EXPL: 0CVE-2017-3252 – OpenJDK: LdapLoginModule incorrect userDN extraction (JAAS, 8161743)
https://notcve.org/view.php?id=CVE-2017-3252
20 Jan 2017 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAAS). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Jav... • http://rhn.redhat.com/errata/RHSA-2017-0175.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0CVE-2017-3253 – OpenJDK: imageio PNGImageReader failed to honor ignoreMetadata for iTXt and zTXt chunks (2D, 8166988)
https://notcve.org/view.php?id=CVE-2017-3253
20 Jan 2017 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete... • http://rhn.redhat.com/errata/RHSA-2017-0175.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2017-3259 – JDK: unspecified vulnerability fixed in 6u141, 7u131, and 8u121 (Deployment)
https://notcve.org/view.php?id=CVE-2017-3259
20 Jan 2017 — Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java We... • http://rhn.redhat.com/errata/RHSA-2017-0175.html •
CVSS: 4.3EPSS: 1%CPEs: 8EXPL: 0CVE-2017-3261 – OpenJDK: integer overflow in SocketOutputStream boundary check (Networking, 8164147)
https://notcve.org/view.php?id=CVE-2017-3261
20 Jan 2017 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read acce... • http://rhn.redhat.com/errata/RHSA-2017-0175.html • CWE-125: Out-of-bounds Read •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2017-3262 – JDK: unspecified vulnerability fixed in 8u121 (Java Mission Control)
https://notcve.org/view.php?id=CVE-2017-3262
20 Jan 2017 — Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java Mission Control). The supported version that is affected is Java SE: 8u112. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: Applies to Java Mission Control Installation. • http://rhn.redhat.com/errata/RHSA-2017-0175.html •
CVSS: 9.6EPSS: 1%CPEs: 8EXPL: 0CVE-2017-3272 – Oracle Java AtomicReferenceFieldUpdater Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-3272
20 Jan 2017 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may signif... • http://rhn.redhat.com/errata/RHSA-2017-0175.html •