CVSS: 9.6EPSS: 0%CPEs: 48EXPL: 0CVE-2017-10087 – OpenJDK: insufficient access control checks in ThreadPoolExecutor (Libraries, 8172204)
https://notcve.org/view.php?id=CVE-2017-10087
20 Jul 2017 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may signif... • http://www.debian.org/security/2017/dsa-3919 •
CVSS: 6.5EPSS: 0%CPEs: 50EXPL: 0CVE-2017-10243 – OpenJDK: insecure XML parsing in wsdlimport (JAX-WS, 8182054)
https://notcve.org/view.php?id=CVE-2017-10243
20 Jul 2017 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRocki... • http://www.debian.org/security/2017/dsa-3954 •
CVSS: 9.6EPSS: 0%CPEs: 48EXPL: 0CVE-2017-10101 – OpenJDK: unrestricted access to com.sun.org.apache.xml.internal.resolver (JAXP, 8173286)
https://notcve.org/view.php?id=CVE-2017-10101
20 Jul 2017 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significant... • http://www.debian.org/security/2017/dsa-3919 •
CVSS: 5.9EPSS: 0%CPEs: 52EXPL: 0CVE-2017-10135 – OpenJDK: PKCS#8 implementation timing attack (JCE, 8176760)
https://notcve.org/view.php?id=CVE-2017-10135
20 Jul 2017 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Ja... • http://www.debian.org/security/2017/dsa-3919 • CWE-385: Covert Timing Channel •
CVSS: 8.3EPSS: 1%CPEs: 50EXPL: 0CVE-2017-10074 – OpenJDK: integer overflows in range check loop predicates (Hotspot, 8173770)
https://notcve.org/view.php?id=CVE-2017-10074
20 Jul 2017 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may signif... • http://www.debian.org/security/2017/dsa-3919 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.3EPSS: 0%CPEs: 52EXPL: 0CVE-2017-10109 – OpenJDK: unbounded memory allocation in CodeSource deserialization (Serialization, 8174113)
https://notcve.org/view.php?id=CVE-2017-10109
20 Jul 2017 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial... • http://www.debian.org/security/2017/dsa-3919 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.8EPSS: 0%CPEs: 53EXPL: 0CVE-2017-10198 – OpenJDK: incorrect enforcement of certificate path restrictions (Security, 8179998)
https://notcve.org/view.php?id=CVE-2017-10198
20 Jul 2017 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Succ... • http://www.debian.org/security/2017/dsa-3919 •
CVSS: 9.6EPSS: 0%CPEs: 51EXPL: 0CVE-2017-10110 – OpenJDK: insufficient access control checks in ImageWatched (AWT, 8174098)
https://notcve.org/view.php?id=CVE-2017-10110
20 Jul 2017 — Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can resu... • http://www.debian.org/security/2017/dsa-3919 •
CVSS: 9.6EPSS: 0%CPEs: 51EXPL: 0CVE-2017-10089 – OpenJDK: insufficient access control checks in ServiceRegistry (ImageIO, 8172461)
https://notcve.org/view.php?id=CVE-2017-10089
20 Jul 2017 — Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can ... • http://www.debian.org/security/2017/dsa-3919 •
CVSS: 8.3EPSS: 1%CPEs: 7EXPL: 0CVE-2017-3514 – Gentoo Linux Security Advisory 201705-03
https://notcve.org/view.php?id=CVE-2017-3514
24 Apr 2017 — Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can re... • http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html •